Merge pull request #1 from RiS3-Lab/main

Tianyu Zhou · web-flow · commit 85774bd1ed70 · 2021-02-28T11:10:16.000+08:00
update
diff --git a/README.md b/README.md
@@ -63,4 +63,4 @@ Shout out to their amazong contributions that made this possible.
 Q & A
 ----
 Should you have any question, feel free to raise an issue in this repo or directly contact the author at liu.changm@northeastern.edu.
-It's intended that this project to be actively maintained for a period of time(mainly for readability improvement).
+It's intended that this project to be actively maintained for a period of time, mainly for readability improvement and performance fine-tuning.
diff --git a/pass/KSym/AnalysisDriver.cpp b/pass/KSym/AnalysisDriver.cpp
@@ -493,22 +493,26 @@ Instruction* SAHandle::seed2sanitizedVar(CallInst *seed,enum UB_types UB_type) {
             return nullptr;
         }
         if(sanitized_stuct->getNumUses() == 1){
-            // this only one use can only be the "insertValue" inst which is pointless
+            // this only one use can only be the "extractInst" inst which is pointless
             errs()<<"Err: sanitized value not used\n";
             return nullptr;
         }
         if(sanitized_stuct->getNumUses() >= 2){
             auto u_it = sanitized_stuct->user_begin();
             for(; u_it != sanitized_stuct->user_end(); u_it++){
                 Value * use_of_struct = *u_it;
+                //errs()<<*use_of_struct<<'\n';
                 ExtractValueInst * extract_inst = dyn_cast<ExtractValueInst>(use_of_struct);
                 if(extract_inst != nullptr && use_of_struct != conVar){
                     ub_value = extract_inst;
                     break;
                 }
             }
         }
-        assert(ub_value != nullptr);
+        if(ub_value == nullptr){
+            // the sanitized value is never extracted from the struct
+            return nullptr;
+        }
         return ub_value;
     }
     else{
@@ -543,6 +547,7 @@ bool SAHandle::stillWrong(Instruction * sanitized_var,SEGraph*seg){
 int SAHandle::postBugAnalysis(TraceStatus* traceStatus,blist & old_blks ,Slice& old_slice){
     enum UB_types ub_type = seed2UBType(traceStatus->seed);
     Instruction * sanitized_value = seed2sanitizedVar(traceStatus->seed,ub_type);
+
     if(ub_type != ub_notype){
         // this is a UB that needs to be post-bug analyzed
         if(sanitized_value == nullptr){
@@ -857,7 +862,7 @@ void SAHandle::run() {
     // also collect fetches, for later reporting purpose.
     collectSeed();
     collectFetch();
-
+    //errs()<<func<<'\n';
     while(seeds.size() > MAX_NUM_SEEDS_PER_FUNC){
         seeds.erase(seeds.begin());
     }
diff --git a/pass/KSym/Tool.cpp b/pass/KSym/Tool.cpp
@@ -119,7 +119,7 @@ static void  parseCheckPoint(string outFileName,vector<string>& ret){
     return;
 }
 
-int MAX_NUM_TRACES_PER_SEED = 128;
+int MAX_NUM_TRACES_PER_SEED = 512;
 int MAX_NUM_SEEDS_PER_FUNC = 50;
 int MAX_NUM_CALLSITES_PER_CALLER=10;
 int MAX_NUM_CALLERS=10;
@@ -194,7 +194,7 @@ bool KSym::runOnModule(Module &m) {
         if(std::find(alreadyProcess.begin(),alreadyProcess.end(),funcName) != alreadyProcess.end()){
             continue;
         }*/
-        string tarFunc("ch_gstatus");
+        string tarFunc("sys_copyarea");
         //if(funcName != tarFunc ) {
         //    continue;
         //}
@@ -297,16 +297,17 @@ bool KSym::runOnModule(Module &m) {
                         errs()<<to_write;
                         SAHandle* handleInter = new SAHandle(*cur_caller,&(calleeF->getFunc()),\
                         mo,fw,user_paras,eachCallerFunc->second,&calleeF->interPTraces,taintSum,hop_count);
-                        handleInter->runInter();
+                        //
                         /*
+                        handleInter->runInter();
                         vector<string> new_processed_funcs(processed_funcs.begin(),processed_funcs.end());
                         new_processed_funcs.push_back(caller_name);
                         calleeList_next.push_back(make_pair(handleInter,new_processed_funcs));
                         handleInter->mergeResult(summarized);
                         */
                         std::future<void> fut = std::async(std::launch::async,&SAHandle::runInter,handleInter);
-                        std::chrono::system_clock::time_point one_hundred_seconds = std::chrono::system_clock::now() + std::chrono::seconds(100);
-                        if(fut.wait_until(one_hundred_seconds) == std::future_status::ready){
+                        std::chrono::system_clock::time_point timed_out_limit = std::chrono::system_clock::now() + std::chrono::seconds(200);
+                        if(fut.wait_until(timed_out_limit) == std::future_status::ready){
                             vector<string> new_processed_funcs(processed_funcs.begin(),processed_funcs.end());
                             new_processed_funcs.push_back(caller_name);
                             calleeList_next.push_back(make_pair(handleInter,new_processed_funcs));
